Storage

05:00 AM
Connect Directly
RSS
E-Mail
50%
50%

Log Management Gets SLIM

QRadar's new appliance adds event correlation to log management.

The Upshot

Claim
Q1 Labs' Simple Log and Information Management (SLIM) product adds event correlation to log management. It provides reports based on log data. The company says the product can help meet regulatory requirements that demand log retention and review.
Context
Q1 Labs is a security event management (SEM) company that's getting into the log management market with SLIM. Meanwhile, log management vendors such as Splunk and LogLogic are adding data mining features to their products. SLIM is best suited to correlation and reporting rather than data mining.
Credibility
SLIM uses the same underlying framework used by that Q1 Labs' SEM product, QRadar. The event correlation and report definitions are easy to set up. Defining parsing rules for messages can be difficult, but is on par with other log management products.

QRADAR SLIM

Log management is a regulatory requirement and best practice. It has grown from simple aggregation and storage of logs to become another data resource that can be mined, trended and reported on.

Q1 Labs' Simple Log and Information Management—SLIM—platform stores logs from a variety of devices and can correlate events and create ad hoc and scheduled reports. The appliance is rated for 5,000 events per second; adding more devices increases this events-per-second ratio.

SLIM's event correlation feature can be useful for uncovering malicious or unwanted activity in real time and can be easily customized. It also includes report templates for regulations such as Sarbanes-Oxley and GLB. However, SLIM is not as agile with real-time data mining or arbitrary event data compared with products from Splunk or LogLogic, both of which create indexes of data as they stream from event sources. SLIM is a good fit for companies that want to automate report generation and event correlation from log data.

As tested, SLIM costs $24,000; the product ships with 2 terabytes of disk space, and raw data and indexes are compressed after two days, conserving space with minimal impact on searching. Splunk's commercial software starts at $5,000 for 500 MB of indexed data per day, and hardware typically runs to over $10,000 for a beefy server. Moreover, Splunk doesn't have SLIM's event correlation component. A more comparable product, LogLogic's LX 2010, lists for $28,000 plus an additional $14,999 for compliance and control suites. It has more robust archiving functions and powerful search capabilities.

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed